(prunable-friendly; quantum-resilient to signature forgery)

bitcoin

> *by simul*
>
> # Anchor-gated, UTXO-moving, template-bound spend using OP_TXHASH + OP_CTV with an escape hatch
> *(prunable-friendly; quantum-resilient to signature forgery)*
>
> ## Assumptions
>
> - OP_CHECKTEMPLATEVERIFY (OP_CTV) is available per BIP119. The 32-byte template hash is `DefaultCheckTemplateVerifyHash`. [BIP 119: CHECKTEMPLATEVERIFY](https://bips.dev/119/)
>
> - OP_TXHASH / OP_CHECKTXHASHVERIFY is available per the current draft proposal, allowing scripts to hash and verify selected fields of the spending transaction without committing to a full transaction template.
>
> - Taproot key-path spending is disabled via NUMS internal keys. All Taproot outputs used in this construction MUST use a Nothing-Up-My-Sleeve (NUMS) internal key, forcing execution through the script path. If a real internal key is used, a future quantum attacker could derive the private key and bypass all script enforcement.
>
> - Relative timelocks exist (BIP68 / BIP112).
>
> - SHA256 preimage resistance holds, even if ECDSA/Schnorr signatures become forgeable.
>
> - Bitcoin nodes do not maintain a historical `txid → transaction` index by default.
>
> **[...read more at delvingbitcoin.org](https://delvingbitcoin.org/t/a-quantum-resistance-script-only-using-op-ctv-op-txhash-and-no-new-signatures/2168)**

Anchor-gated, UTXO-moving, template-bound spend using OP_TXHASH + OP_CTV with an escape hatchAnchor-gated, UTXO-moving, template-bound spend using OP_TXHASH + OP_CTV with an escape hatch

AssumptionsAssumptions